20 matches found
EUVD-2025-208146
The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials. Obtaining a session ID is sufficient for session takeover and grants access to the...
CVE-2020-7819
A SQL injection vulnerability in the nTracker USB Enterprise (secure USB management solution) allows a remote unauthenticated attacker to perform a SQL query to access username, password and other session-related information...
EUVD-2025-10999
Malicious code in bioql PyPI...
EUVD-2023-53407
Malicious code in bioql PyPI...
CVE-2024-28816
Student Information Chatbot a0196ab allows SQL injection via the username to the login function in index.php...
CVE-2025-28104
Incorrect access control in laskBlog v2.6.1 allows attackers to access all usernames via a crafted input...
CVE-2025-31357
An unauthenticated attacker can obtain a user's plant list by knowing the username...
CVE-2024-9989 Crypto <= 2.18 - Authentication Bypass via log_in
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.18. This is due to a limited arbitrary method call to 'crypto_connect_ajax_process::log_in' function in the 'crypto_connect_ajax_process' function. This makes it possible for unauthenticated...
CVE-2023-6144
Dev blog v1.0 allows account takeover through the "user" cookie. With this, an attacker can access any user's session just by knowing their username...
Authentication flaw
The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the 'hidden_form_data' function. This makes it possible for authenticated attackers to log in as...
CVE-2023-1557 SourceCodester E-Commerce System Username access control
A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ecommerce/admin/user/controller.php?action=edit of the component Username Handler. The manipulation of the argument USERID leads to...
CVE-2020-15110
In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12...
The vulnerability of the microprogramming software of the Cisco TelePresence Conductor conference call control device allows an intruder to gain access to the device.
The vulnerability of the control interface for microprogramming-based conference communication devices like Cisco TelePresence Conductor is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to gain access to the device using a...
phpcms v9.1.15 sql and XSS exploits-vulnerability warning-the black bar safety net
phpcms v9.1.15 The official demo site has been updated to 9.1.16: the http://v9.demo.phpcms.cn/ XSS public function public_get_suggest_keyword() { $url = $_GET['url'].'&q='.$_GET['q']; echo $url; $res = @file_get_contents($url); if (CHARSET != 'gbk') $res = iconv('gbk', CHARSET, $res); echo $res; } Use method:...
Ubuntu Update for net-snmp vulnerabilities USN-685-1
Ubuntu Update for Linux kernel vulnerabilities USN-685-1 OpenVAS Vulnerability Test $Id: gb_ubuntu_USN_685_1.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for net-snmp vulnerabilities USN-685-1 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH,...
Camera Life 2.6.2b4 Arbitrary File Upload Vulnerability
Exploit for unknown platform in category web applications. Camera Life 2.6.2b4 Arbitrary File Upload Vulnerability + CameraLife-2.6.2b4 Arbitrary File Upload Vulnerability +...
security flaw
squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server...
MDaemon SMTP Server 5.0.5 - Null Password Authentication
MDaemon SMTP Server 5.0.5 - Null Password Authentication source: https://www.securityfocus.com/bid/8382/info A vulnerability has been reported to affect the MDaemon SMTP authentication handler. It has been reported that any valid username or account can be used in conjunction with a null password...
IMP SQL modification
SQL query can be modified via username...
CVE-1999-0180
in.rshd allows users to login with a NULL username and execute commands...